4 Replies Latest reply on May 4, 2007 10:17 AM by insuractive

    CF / phpBB log-in integration

    romeogq Level 1
      Can someone please tell me what is wrong with this code?
      It processes through without any errors, but does not register as a log in.

      BTW, I barely understand what's going on in this code myself. I found it on the web a while back somewhere.
        • 1. CF / phpBB log-in integration
          insuractive Level 3
          I believe you have to set the cookie returned by your login as your browser cookie. Basically, since CFHTTP does not natively support cookies, you have to parse the cookie value out of the HTTP header. Once you have the cookie, you can pass it back in for all of your subsequent CFHTTP calls, thus allowing you to maintin session state on the server.

          You code does this:
          ------------------------------------------
          1) CFHTTP to server to log into. Parse out cookie
          2) Send login request along with cookie value. Parse out new cookie
          3) Now the session associated with your cookie value is logged into the site

          You need to do this:
          -----------------------------------------------------------
          4) Set the client cookie to be the "logged in" cookie value from (2)

          The problem I think you might have is that I think you can only set cookies for YourDomain.com, not DomainToLogInto.com. So if you are trying to log into a script on another domain, you might not be able to perform (4). Someone with better knowledge of HTTP and cookie behavior can probably add some clarification to this.
          • 2. CF / phpBB log-in integration
            romeogq Level 1
            Thanks for the reply 'insuractive'.

            Both scripts are reciding under the same domain. I just have phpBB in a sub-directory.

            Now I do consider myself to be very CF savy, but this cfhttp/client cookie/browser cookie stuff is destroying my brain matter!?!?!?

            Step 4, which you said I needed to do... huh!? I thought the new cookie was already set on step 3... if you don't mind, could you explain that a lil further?
            • 3. Re: CF / phpBB log-in integration
              sanaullah
              Hi

              Why not use cfx_http, its on cftagstore.com

              it will handle cookies stuff, what ever you decide you have to read documentation for implementation.

              Thanks
              • 4. CF / phpBB log-in integration
                insuractive Level 3
                sanaullah may have the answer to your problem. cfx_http has gotten a lot of good press on these forums for its ability to handle cookies.

                Basically your problem is that you are dealing with 2 separate user agents or "browsers":

                Browser1: The client's web browser
                Browser2: the ColdFusion CFHTTP user agent

                All your CFHTTP calls are performed using Browser2. Because Browser2 is not a typical web browser, it doesn't handle things like cookies in a usual way (which is why you have to parse them out of the HTTP header).

                Step 3 Retrieves the cookie (from the header) for Browser2. You still need to set the cookie for Browser1 in order to associate Browser1 with the Logged In session.

                You can sort of think about it as performing a session hijacking CSS attack, but on your own system.